2170 matches found
Flowise: File Upload Validation Bypass in createAttachment
Summary In FlowiseAI, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally allow JavaScript uploads. This enables attackers to persistently store malicious...
CVE-2026-39620
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...
CVE-2026-39621
Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...
CVE-2026-39619
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...
EUVD-2026-20262
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...
EUVD-2026-20263
Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...
CVE-2026-39621
Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...
CVE-2026-39620
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...
CVE-2026-39619
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...
CVE-2026-39620
CVE-2026-39620 is a CSRF vulnerability in the WordPress Appointment theme (
CVE-2026-39620 WordPress Appointment theme <= 3.5.5 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...
CVE-2026-39621 WordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...
CVE-2026-39620 WordPress Appointment theme <= 3.5.5 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...
CVE-2026-39621 WordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...
CVE-2026-39621
The CVE-2026-39621 entry describes a CSRF vulnerability in the spicethemes SpicePress WordPress theme, affecting versions up to and including 2.3.2.5. The issue permits a CSRF that may enable an attacker to upload a web shell to the target server, enabling arbitrary plugin installation via a craf...
CVE-2026-39621
Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...
CVE-2026-39620
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...
EUVD-2026-20261
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...
CVE-2026-39619
Summary: CVE-2026-39619 affects the WordPress Busiprof theme (
CVE-2026-39619 WordPress Busiprof theme <= 2.5.2 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability
Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...